While Browsing our site with FIREFOX (any version and only with firefox) some amount of users are complaining that from time to time they are getting an SSL error that may be connected to FIREFOX TLS.
the error is: "SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET "
Technical info:
We are using APACHE2 (TLS Enable and SSL V3) and Tomcat as back end.
OS - Redhat
FW - Cisco ASA
Certificate - VeriSign Wildcard
Some URLs that are affected:
https://www.plimus.com/jsp/buynow.jsp?contractId=1724988
or
https://secure.plimus.com/jsp/buynow.jsp?contractId=2598796
thank you.

Sorry, I can't help more than that but it doesn't look like a Firefox problem to me.

I can't get into https://support.plimus.com/jsp/admin_login.jsp? on Fx6, IE9, Opera or Google Chrome.
plimus.com is not a problem nor, for example, (from Google) is https://support.plimus.com/jsp/support.jsp
Sorry, I can't help more than that but it doesn't look like a Firefox problem to me.

Your connection to www.plimus.com is encrypted with 256-bit encryption.
The connection uses SSL 3.0.
The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.
The connection is not compressed.
The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.

It works in Firefox if I disable TLS 1.0, so there is definitely something wrong with that server.

Google Chrome reports on https://www.plimus.com/jsp/buynow.jsp?contractId=1724988
<pre><nowiki>Your connection to www.plimus.com is encrypted with 256-bit encryption.
The connection uses SSL 3.0.
The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.
The connection is not compressed.
The connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues.</nowiki></pre>
It works in Firefox if I disable TLS 1.0, so there is definitely something wrong with that server.

I don't know.
I'm not an expert with configuring server or SSL.
I assume that it is the server software and that an updated SSL package that supports TLS properly needs to be installed or updated on the server.

It was Google Chrome that gave me the idea to check Firefox with TLS 1.0 disabled.
Firefox seems to cache it because I didn't get the error now with TLS enabled and only after using Clear Recent History to clear the "Active Logins" then I got the SSL error page back and not via a reload with bypassing the cache (Ctrl+F5).

I don't know.<br />
I'm not an expert with configuring server or SSL.<br />
I assume that it is the server software and that an updated SSL package that supports TLS properly needs to be installed or updated on the server.<br />
It was Google Chrome that gave me the idea to check Firefox with TLS 1.0 disabled.<br />
Firefox seems to cache it because I didn't get the error now with TLS enabled and only after using Clear Recent History to clear the "Active Logins" then I got the SSL error page back and not via a reload with bypassing the cache (Ctrl+F5).
----
*http://en.wikipedia.org/wiki/Transport_Layer_Security

Question owner

Hi,
first i'd like to thank you for your help Cor-el but that's not the case in our end.
i'm using latest Apache and OPENSSL versions on our servers.

can you send me the URL for tool that you used for testing in google chrome (or it was the browser itself?)

i'll be happy to know if you or anyone else has any other ideas or comments...

thanks

Hi,
first i'd like to thank you for your help Cor-el but that's not the case in our end.
i'm using latest Apache and OPENSSL versions on our servers.
can you send me the URL for tool that you used for testing in google chrome (or it was the browser itself?)
i'll be happy to know if you or anyone else has any other ideas or comments...
thanks